Skip to Content
0
Former Member
Dec 07, 2006 at 08:09 PM

SSO from Windows to UNIX

46 Views

Hello,

We have implemented a SSO solution (actually impersonation) using the SDN article "How to Use Windows NT Logon for Single Sign-On in an SAP Web Application". This solution worked very well using a SNC Trusted connection to pass user information through a SAP .NET Connector application. We simply use the SAP Windows SNC DLL to form the connection and developed a custom .NET application.

Unfortuantely, our SAP instances are moving from a Windows platform to a UNIX platform, which completely breaks our trusted IIS->SAP relationship. Even worse, there are no plans to implement a SSO solution from the SAP GUI perspective. Therefore, we cannot leverage a SNC connection on the UNIX platform (like Kerberos).

Our SAP GUI users will now login in using a simple UID and password. This situation leaves my .NET application with very few options:

1) Create a login screen for the users. (They will complain about going from SSO to UID and PWD)

2) Implement a Kerberos SSO specifially for our application. (This solution might be a little costly and complex for our small .NET application)

3) Implement SAP Portal with Logon tickets (again, another costly endeavor)

4) Form a trust with SAP UNIX to pass in the EXTID attribute without using SNC. (This solution sounds improbable)

Questions:

  • Can anyone recommend a SSO (or impersonation) process for a .NET solution to UNIX?

  • Can anyone comment on the complexity and cost of setting up the SAP Portal or Kerberos?

  • Does anyone know how to form a trusted connection with SAP Unix without SNC?

thanks,

dave